Cognizant Blog


In our previous blog post, we explored the essential role that Enterprise Risk Management (ERM) plays in strategic planning and operational resilience for Life Sciences organisations, as well as the critical role that the supporting risk governance structures perform in ensuring its effectiveness.

Now, we're delving further into the specific issues that arise through poor risk governance and what the governance structure must do to address them. 
 

What is risk governance, exactly? 

According to the Society of Risk Analysis, risk governance includes “the totality of actors, rules, conventions, processes, and mechanisms concerned with how relevant risk information is collected, analysed and communicated”, and how management decisions are subsequently taken. 

Breaking down this definition, we arrive at 4 key actions that any comprehensive risk governance structure must fulfil: 

  • Risk information discovery and collation: The risk governance body is directly responsible for coordinating risk discovery and efficiently collating this information into a centralised repository or database. 

  • Analysis of identified risks: The governance body must establish the frameworks by which risks are analysed, ensuring consistency in measurement and estimation, as well as providing guidance on judgement in matters of severity, likelihood, and acceptability criteria.

  • Risk control and mitigation: The risk governance body should oversee the creation of action plans and closely monitor their timely implementation, as well as assessing their effectiveness.  

  • Communication of key risk information pre- and post-assessment: The most critical role of all is in the communication of risk information across departments and throughout hierarchies. The governance body effectively acts as a proactive nexus for all the critical information regarding newly identified risks, mitigations to be put in place, and top priority risks. 
     

Common challenges and how to address them

In our work with Life Sciences organisations, certain challenges come up again and again. All risk governance structures face these issues. The best structures address them, the poor ones create and perpetuate them. Let’s delve into some of the most pervasive and impactful challenges we come across, and how we go about solving them.

Challenge 1: Lack of accountability and ownership

Ultimately, the buck must stop with someone. Risk Ownership, meaning ultimate responsibility for managing a particular risk and ensuring the residual risk falls in line with company risk appetite (see previous blog for a definition of risk appetite), has to be clearly defined for all risks included in a company risk register. Even when the risk mitigation strategy requires the involvement of multiple actors, there always needs to be someone responsible for ensuring this gets done.

For the highest priority risks, a Risk Sponsor, someone who takes accountability at board or executive committee level, should also be appointed.

Challenge 2: Immature risk culture

Characterised by a lack of risk awareness and knowledge, as well as dismissive attitudes towards risk management, an immature risk culture is a top-priority issue.

There are no quick fixes here; addressing this requires a thorough and defined change management plan. While typical approaches include facilitating risk seminars and workshops, a requisite factor for these to be effective is clear communication and signalling from company leadership highlighting a shift in the approach to risk.

Challenge 3: Opaque risk appetite positioning

Without clear guidance on the amount of risk-taking that the company is comfortable engaging in, individual actors and risk owners are left to make these decisions based on their own subjective criteria.

It is the risk governance body’s responsibility to communicate the company’s risk appetite. Simply assigning a risk owner to “manage a risk” without this additional context can lead to disastrous consequences and divergent mitigation strategies. If left completely unadvised, how would one reasonably expect a sales operative and a quality assurance manager to act towards managing a similar risk?

Challenge 4: Ineffective horizontal and vertical communication  

Communication challenges typically arise where siloed working on risk management activities is prevalent.

In addition to the cultural changes mentioned above, visibility and access to information for all stakeholders are key. Creating a practice of proactive communication is equally important.

To address the first point, an easily accessible centralised repository of risk information, including mitigation strategies, should be created. To enable the second, a formal governance group composed of relevant risk owners should be established to provide counsel to each other on risk mitigation and assessment, as well as to identify shared risks which may require a collaborative approach.
 

A solid foundation for risk governance

For Life Sciences organisations, effective risk governance is essential, both for the long-term health of the business and for the wellbeing of the patients it serves. Addressing the common challenges outlined above will ensure a solid foundation for any risk governance structure.

 


Rolando Garcia-Maritano

Business Analyst, Life Sciences Consulting, Cognizant
